Hardware vs software firewalls
== Definition of firewall ==
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet (1). It establishes a barrier between a trusted, secure internal network and the Internet, which must not be assumed to be secure or trusted. It also prevents unwanted and unauthorized access from a computer on one subnet to a computer on another subnet within the same internal network. The firewall works by scanning and controlling incoming and outgoing traffic, filtering it according to its rule sets (2). If a packet passing through does not meet the criteria, the firewall denies it access to the network, thereby protecting the data on the computers behind the firewall. As mentioned before, there are two types of firewall: software firewalls and hardware firewalls.

== Software Firewall ==
A software firewall usually refers to a computer program installed on the computer, whose functions and features the user can customize. Over the history of firewall development, firewalls can be categorized into three generations. The first generation is known as the packet filter firewall; it works by inspecting each packet transmitted through the computer's network connection, whether to the Internet or an intranet. If the packet does not meet the criteria, the firewall either drops the packet (discards it silently) or rejects it (sends an error to the source), depending on the rule set. The second generation is known as the "stateful" filter firewall; it operates up to the transport layer. Compared with the first generation, it makes a judgement only once enough packets have been received to determine whether a packet is the start of a new connection, part of an existing connection, or not part of any connection (2).
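The difference between the first and second generation described above can be made concrete with a small simulation. The following is an added example written for this page, not code from any firewall product: a stateful filter that keeps a table of connections opened from the inside and classifies every packet as NEW, ESTABLISHED or INVALID, next to a stateless filter that has to approximate the same "allow replies only" policy without memory. The packet model, the internal address prefix and the sample traffic are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed packet model for the example: only the fields a transport-layer
# filter looks at (addresses, ports and TCP flags). Not a real packet parser.
@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    sport: int        # source TCP port
    dport: int        # destination TCP port
    syn: bool = False
    ack: bool = False

# Assumed trusted side of the firewall (constructed address range).
INTERNAL_PREFIX = "10.0.0."

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def conn_key(pkt: Packet):
    """Direction-independent connection key, so a reply from the server
    matches the entry created by the client's first packet."""
    return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

class StatefulFilter:
    """Second-generation filter: keeps a table of known connections and judges
    each packet by its relationship to that table. Timeouts and connection
    teardown are omitted to keep the example short."""

    def __init__(self):
        self.connections = set()   # keys of connections opened from inside

    def classify(self, pkt: Packet) -> str:
        if conn_key(pkt) in self.connections:
            return "ESTABLISHED"            # part of an existing connection
        if pkt.syn and not pkt.ack:
            return "NEW"                    # start of a new connection
        return "INVALID"                    # belongs to no known connection

    def handle(self, pkt: Packet) -> str:
        state = self.classify(pkt)
        if state == "ESTABLISHED":
            return "ACCEPT"
        if state == "NEW" and is_internal(pkt.src):
            # Policy: only hosts on the internal side may open connections.
            self.connections.add(conn_key(pkt))
            return "ACCEPT"
        return "DROP"   # unsolicited inbound SYNs and INVALID packets are discarded

def stateless_verdict(pkt: Packet) -> str:
    """First-generation filter approximating the same policy without memory.
    To let replies in it must accept any inbound packet carrying ACK, so it
    cannot tell a genuine reply from an unsolicited packet with ACK set."""
    if is_internal(pkt.src):
        return "ACCEPT"
    return "ACCEPT" if pkt.ack else "DROP"

def run_demo() -> dict:
    """Replay a constructed TCP handshake plus one unsolicited inbound packet
    through both filters and return the verdicts in order."""
    client, server = "10.0.0.5", "203.0.113.10"        # constructed addresses
    traffic = [
        Packet(client, server, 40000, 443, syn=True),            # client SYN
        Packet(server, client, 443, 40000, syn=True, ack=True),  # server SYN-ACK
        Packet(client, server, 40000, 443, ack=True),            # client ACK
        Packet("198.51.100.7", client, 443, 40001, ack=True),    # unsolicited ACK, no connection
    ]
    fw = StatefulFilter()
    return {
        "stateful": [fw.handle(p) for p in traffic],
        "stateless": [stateless_verdict(p) for p in traffic],
    }

if __name__ == "__main__":
    print(run_demo())
```

The last packet is the interesting one: the stateful filter drops it because it matches no entry in the connection table and is not a valid connection start, while the stateless filter has no way to distinguish it from the server's legitimate replies and lets it through.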
The third generation is known as the application layer firewall. Not only does it collect enough information before making a judgement, it also understands some common applications and protocols, such as FTP and HTTP. This is particularly useful for detecting whether a protocol is being abused. Therefore, when set up properly, the firewall can protect the computer from viruses, Trojans, or even phishing. However, a software firewall cannot protect the computer from all kinds of attacks. One example is attacks on insecure pre-installed components: some software or operating systems install extra components to improve the user experience, but those components may not be very secure and may leave a back door open for an attacker. Nor can it protect an inexperienced user: the firewall can assist the user in identifying a potentially harmful program, but if the user still decides to run the program, there is nothing the firewall can do (3).

== Hardware Firewall ==
A hardware firewall is a piece of networking equipment dedicated to providing a protective barrier between the internal computers and the outside Internet (4). Unlike a software firewall, which only protects the computer on which it is installed, a hardware firewall protects every computer connected to it. Nowadays low-end hardware firewalls can be found in network switches and routers for residential use, while high-end products are available for enterprises, corporations, and government agencies. A hardware firewall works by scanning each arriving packet against its built-in rules. As the technology advances, today's hardware firewalls have built-in IPS/IDPS (intrusion prevention systems / intrusion detection and prevention systems). An IDPS uses signature-based detection, statistical anomaly-based detection, and stateful protocol analysis to detect malicious activity. Many manufacturers also include a gateway antivirus, malware scanner, and content filters in their devices (5).
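To show what "knowing the protocol" adds beyond port-and-address rules, here is an added example (not from the page or any firewall vendor) of the kind of check an application layer firewall performs for the two protocols the text names: the first client message on port 80 must look like an HTTP request line and the first message on port 21 must look like an FTP command, otherwise the connection is dropped as protocol abuse. The port-to-protocol mapping, the simplified grammars and the sample payloads are constructed for the example.

```python
import re

# Minimal grammar for the first client message of each protocol. These
# patterns are constructed for the example and are not full parsers.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
FTP_COMMAND = re.compile(rb"^[A-Z]{3,4}( [^\r\n]*)?\r\n")

# Assumed mapping of destination port to the protocol expected there.
CHECKS = {
    80: ("HTTP", HTTP_REQUEST_LINE),
    21: ("FTP", FTP_COMMAND),
}

def inspect(dport: int, payload: bytes) -> tuple:
    """Return (verdict, reason) for the first message of a connection.
    Ports without an application-layer rule fall through to ACCEPT here;
    the transport-layer rules would still apply to them."""
    rule = CHECKS.get(dport)
    if rule is None:
        return ("ACCEPT", "no application-layer rule for port %d" % dport)
    name, pattern = rule
    if pattern.match(payload):
        return ("ACCEPT", "well-formed %s message" % name)
    return ("DROP", "traffic on port %d is not %s" % (dport, name))

# Constructed first-message payloads.
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # genuine HTTP
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),                              # another protocol on port 80
    (21, b"USER anonymous\r\n"),                                   # genuine FTP command
    (21, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),                 # binary data where FTP is expected
    (8443, b"anything"),                                           # no rule for this port
]

def run_demo() -> list:
    return [inspect(port, data)[0] for port, data in SAMPLES]

if __name__ == "__main__":
    for (port, data), verdict in zip(SAMPLES, run_demo()):
        print(port, verdict, inspect(port, data)[1])
```

A packet filter of the first two generations would accept all five connections on the basis of the port alone; the protocol check is what catches the second and fourth samples.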
One major advantage of a hardware firewall over a software firewall is cost. As mentioned before, a hardware firewall protects all the computers connected to it, so the cost of one hardware firewall will be significantly lower than the licence fees for a software firewall when there are tens, hundreds, or even thousands of computers in the network. Beyond the cost of equipment, the cost of maintenance is significantly lower as well, because the manager can update the settings or rules on the centralized hardware firewall rather than logging in to each individual computer, saving time and labour costs.

== How to manage the firewall system in the network ==
The manager can configure many settings on the firewall; the common ones are discussed here.
* IP addresses: the manager can allow only certain IP addresses to connect to the network, for example allowing only the registered home IP addresses of employees to connect to the company network, or blocking known phishing websites.
* Protocols: the manager allows only certain protocols, for example allowing HTTP (Hypertext Transfer Protocol) but not FTP (File Transfer Protocol).
* Ports: the manager blocks all traffic coming in through some ports; for example, a company not running an FTP server will block port 21 (6).
Many other settings are available, such as a DMZ, MAC filtering, and port forwarding, but they are outside the scope of this paper.

== What are the differences in managing software firewall and hardware firewall ==
=== The interfaces ===
Two types of interface exist: the CLI (command line interface) and the GUI (graphical user interface). Some state-of-the-art hardware firewalls on the market can only be managed through a CLI. The CLI lets the manager set more specific rules for the firewall, but using it requires knowledge of the firewall product's command set, and different manufacturers have different commands.
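The three controls listed in the management section (IP addresses, protocols, ports) are exactly the fields a packet filter rule set is written in, and the drop-versus-reject distinction from the software firewall section is the rule's action. The following is an added example for this page, not the configuration language of any real firewall: a first-match rule engine with a default-deny policy, loaded with one rule per control from the text. The address ranges, the company server range and the placeholder phishing-site range are constructed, and the sample packets are constructed too.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT", "DROP" (discard silently) or "REJECT" (error to sender)
    src: str = "0.0.0.0/0"        # source network, default any
    dst: str = "0.0.0.0/0"        # destination network, default any
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # destination port, None = any
    comment: str = ""

# Constructed policy following the three controls in the text. All ranges are
# documentation addresses chosen for the example, not real sites or servers.
COMPANY_SERVERS = "192.0.2.0/24"
EMPLOYEE_HOME_IPS = "198.51.100.0/24"
KNOWN_PHISHING_SITE = "203.0.113.0/28"   # placeholder for a block-listed site

RULES = [
    # Block listed sites first so nothing later can accidentally allow them.
    Rule("DROP", dst=KNOWN_PHISHING_SITE, comment="known phishing site"),
    # IP address control: only registered employee home addresses reach the company network.
    Rule("ACCEPT", src=EMPLOYEE_HOME_IPS, dst=COMPANY_SERVERS, proto="tcp", dport=443,
         comment="registered home IPs of employees"),
    # Port control: no FTP server is running, so port 21 is refused with an error.
    Rule("REJECT", dst=COMPANY_SERVERS, proto="tcp", dport=21, comment="no FTP server: refuse port 21"),
    # Protocol control: HTTP is allowed to the public web servers.
    Rule("ACCEPT", dst=COMPANY_SERVERS, proto="tcp", dport=80, comment="public HTTP"),
]
DEFAULT_ACTION = "DROP"   # default deny: anything unmatched is silently discarded

def matches(rule: Rule, pkt: dict) -> bool:
    return (ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def evaluate(pkt: dict) -> tuple:
    """First matching rule wins, as in most packet filters, so rule order matters."""
    for rule in RULES:
        if matches(rule, pkt):
            return (rule.action, rule.comment)
    return (DEFAULT_ACTION, "default policy")

# Constructed sample packets (source, destination, protocol, destination port).
SAMPLE_PACKETS = [
    {"src": "198.51.100.20", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},  # employee from home
    {"src": "203.0.113.77",  "dst": "192.0.2.10", "proto": "tcp", "dport": 443},  # unregistered address
    {"src": "203.0.113.77",  "dst": "192.0.2.10", "proto": "tcp", "dport": 21},   # FTP attempt
    {"src": "203.0.113.77",  "dst": "192.0.2.10", "proto": "tcp", "dport": 80},   # public web
    {"src": "203.0.113.77",  "dst": "192.0.2.10", "proto": "udp", "dport": 80},   # wrong protocol
    {"src": "10.0.0.8",      "dst": "203.0.113.9", "proto": "tcp", "dport": 443}, # outbound to listed site
]

def run_demo() -> list:
    return [evaluate(p)[0] for p in SAMPLE_PACKETS]

if __name__ == "__main__":
    for pkt, (action, why) in zip(SAMPLE_PACKETS, map(evaluate, SAMPLE_PACKETS)):
        print(pkt["src"], "->", pkt["dst"], pkt["proto"], pkt["dport"], action, "(%s)" % why)
```

Two points are worth noticing when running it: the unregistered address on port 443 and the UDP packet on port 80 are not refused by any explicit rule but fall to the default-deny policy, and the FTP attempt is the only case that gets a REJECT, so its sender receives an error while everything else that is refused simply times out.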
The CLI is therefore more suitable for IT professionals in large companies. A GUI lets the manager set up the firewall quickly with a few clicks and is more user-friendly, so it is more suitable for small businesses or personal use.

=== Updating the firewall ===
A hardware firewall usually runs on an ASIC (application-specific integrated circuit) or flash memory, and its source code is usually not available to the general public, so if a bug or vulnerability is discovered by a third party, it is left to the manufacturer to patch the code. New features are also added according to the manufacturer's schedule; with so many different products made by one company, it is not uncommon for patches and new features to be released more and more slowly over the years until eventually no more updates are provided, as the company is selling a more advanced or more expensive product. A software firewall, on the other hand, releases updates more frequently; some even provide hourly updates as more phishing sites emerge. There are also some open source firewalls whose source code is available to the general public. This does not necessarily mean the code is better; it means the manager can extend the firewall if he has the skill, allowing the firewall to fit the company's policy better (7).

= Reference =
(1) http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx
(2) http://en.wikipedia.org/wiki/Firewall_(computing)
(3) http://www.amaranten.com/support/user%20guide/Introduction_to_Network_Security/Firewall_Basics.htm
(4) http://home.mcafee.com/advicecenter/?id=ad_ost_hvsf&ctst=1
(5) http://www.thewindowsclub.com/hardware-software-firewall-difference
(6) http://computer.howstuffworks.com/firewall2.htm
(7) http://www.networkworld.com/article/2289079/lan-wan/chapter-11--managing-firewalls.html